# Risk appetite definitions

Risk appetite is "The types and amount of risk, on a broad level, an organization is willing to accept in its pursuit of value." – [NIST](https://csrc.nist.gov/glossary/term/risk_appetite)

According to the PMBOK® Guide [(source)](http://cybersecurity-materiality.com/):

- Risk Tolerance is the _"specified range of acceptable results."_
- Risk Threshold is the _"level of risk exposure above which risks are addressed and below which risks may be accepted."_
- Risk Appetite is the _"degree of uncertainty an organization or individual is willing to accept in anticipation of a reward."_

Articulate the risk appetite to:

- help guide risk and reward decision-making
- help to embed the right risk culture

See [Collection of Kanban boards on information security topics](../Collection%20of%20Kanban%20boards%20on%20information%20security%20topics.md) for inspiration.

See also [Risk tolerance](..//Risk%20tolerance.md)